SOS with data and store has been extensively used in specifying semantics of ... Function symbols from the data signature are typically denoted by fD,fâ².
Algebraic Meta-Theory of Processes with Data Daniel Gebler Department of Computer Science, VU University Amsterdam (VU), De Boelelaan 1081a, NL-1081 HV Amsterdam, The Netherlands
Eugen-Ioan Goriac ICE-TCS, School of Computer Science, Reykjavik University, Menntavegur 1, IS-101, Reykjavik, Iceland
Mohammad Reza Mousavi Center for Research on Embedded Systems (CERES), Halmstad University Kristian IV:s v¨ag 3, SE-302 50, Halmstad, Sweden
There exists a rich literature of rule formats guaranteeing different algebraic properties for formalisms with a Structural Operational Semantics. Moreover, there exist a few approaches for automatically deriving axiomatizations characterizing strong bisimilarity of processes. To our knowledge, this literature has never been extended to the setting with data (e.g. to model storage and memory). We show how the rule formats for algebraic properties can be exploited in a generic manner in the setting with data. Moreover, we introduce a new approach for deriving sound and ground-complete axiom schemata for a notion of bisimilarity with data, called stateless bisimilarity, based on intuitive auxiliary function symbols for handling the store component. We do restrict, however, the axiomatization to the setting where the store component is only given in terms of constants.
1
Introduction
Algebraic properties capture some key features of programming and specification constructs and can be used both as design principles (for the semantics of such constructs) as well as for verification of programs and specifications built using them. When given the semantics of a language, inferring properties such as commutativity, associativity and unit element, as well deriving sets of axioms for reasoning on the behavioural equivalence of two processes constitute one of the cornerstones of process algebras [7, 39] and play essential roles in several disciplines for behavioural modeling and analysis such as term rewriting [6] and model checking [9]. For formalisms with a Structural Operational Semantics (SOS), there exists a rich literature on metatheorems guaranteeing key algebraic properties (commutativity [32], associativity [17], zero and unit elements [4], idempotence [1], and distributivity [3]) by means of restrictions on the syntactic shape of the transition rules. At the same time, for GSOS [13], a restricted yet expressive form of SOS specifications, one can obtain a sound and ground-complete axiomatization modulo strong bisimilarity [2]. Supporting some form of data (memory or store) is a missing aspect of these existing meta-theorems, which bars applicability to the semantics of numerous programming languages and formalisms that do feature these aspects in different forms. In this paper we provide a natural and generic link between the meta-theory of algebraic properties and axiomatizations, and SOS with data for which we consider that one data state models the whole memory. Namely, we move the data terms in SOS with data to the labels and instantiate them to closed terms; we call this process currying. Currying allows us to apply directly the existing rule formats for algebraic properties on the curried SOS specifications (which have process terms as states and triples of J. Borgstr¨om and B. Luttik (Eds.): Combined Workshop on Expressiveness in Concurrency and Structural Operational Semantics (EXPRESS/SOS 2013) EPTCS 120, 2013, pp. 63–77, doi:10.4204/EPTCS.120.6
c Gebler, Goriac & Mousavi
This work is licensed under the Creative Commons Attribution-Noncommercial-No Derivative Works License.
Algebraic Meta-Theory of Processes with Data
64
the form (datum, label, datum) as labels). We also present a new way of automatically deriving sound and ground-complete axiomatization schemas modulo strong bisimilarity for the curried systems for the setting in which the data component is characterized by constants. It turns out that strong bisimilarity for the curried SOS specification coincides with the notion of stateless bisimilarity in the original SOS specifications with data. The latter notion is extensively studied in [31] and used, among others, in [12, 20, 10, 11]. (This notion, in fact, coincides with the notion of strong bisimilarity proposed for Modular SOS in [27, Section 4.1].) Hence, using the existing rule formats, we can obtain algebraic laws for SOS specification with data that are sound with respect to stateless bisimilarity, as well as the weaker notions of initially stateless bisimilarity and statebased bisimilarity, studied in [31]. Related work. SOS with data and store has been extensively used in specifying semantics of programming and specification languages, dating back to the original work of Plotkin [36, 37]. Since then, several pieces of work have been dedicated to providing a formalization for SOS specification frameworks allowing one to include data and store and reason over it. The current paper builds upon the approach proposed in [31] (originally published as [29]). The idea of moving data from the configurations (states) of operational semantics to labels is reminiscent of Modular SOS [26, 27], Enhanced SOS [18], the Tile Model [19], and context-dependentbehaviour framework of [16]. The idea has also been applied in instances of SOS specification, such as those reported in [8, 10, 33]. The present paper contributes to this body of knowledge by presenting a generic transformation from SOS specifications with data and store (as part of the configuration) to Transition System Specifications [13, 22]. The main purpose of this generic transformation is to enable exploiting the several existing rule formats defined on transition system specifications on the results of the transformation and then, transform the results back to the original SOS specifications (with data and store in the configuration) using a meaningful and well-studied notion of bisimilarity with data. Our transformation is also inspired by the translation of SOS specifications of programming languages into rewriting logic, see e.g., [24, 25]. Structure of the paper. The rest of this paper is organized as follows. In Section 2, we recall some basic definitions regarding SOS specifications and behavioural equivalences. In Section 3, we present the currying technique and formulate the theorem regarding the correspondence between strong and stateless bisimilarity. In Section 4 we show how to obtain sound and ground-complete axiomatizations modulo strong bisimilarity for those curried systems for which the domain of the data component is a finite set of constants. We apply the currying technique to Linda [15], a coordination language from the literature chosen as case study in Section 5, and show how key algebraic properties of the operators defined in the language semantics are derived. We conclude the paper in Section 6, by summarizing the results and presenting some directions for future work.
2
Preliminaries
2.1 Transition Systems Specifications We assume a multisorted signature Σ with designated and distinct sorts P and D for processes and data, respectively. Moreover, we assume infinite and disjoint sets of process variables VP (typical members: xP , yP , xPi , yPi . . .) and data variables VD (typical members: xD , yD , xDi , yDi . . .), ranging over their respective sorts P and D.
Gebler, Goriac & Mousavi
65
Process and data signatures, denoted respectively by ΣP ⊆ Σ and ΣD ⊆ Σ, are sets of function symbols with fixed arities. We assume in the remainder that the function symbols in ΣD take only parameters of the sort ΣD , while those in ΣP can take parameters both from ΣP and ΣD , as in practical specifications of systems with data, process function symbols do take data terms as their parameters. Terms are built using variables and function symbols by respecting their domains of definition. The sets of open process and data terms are denoted by T(ΣP ) and T(ΣD ), respectively. Disjointness of process and data variables is mostly for notational convenience. Function symbols from the process signature are typically denoted by fP , gP , fPi and gPi . Process terms are typically denoted by tP , t′P , ′ and f , and data and tPi . Function symbols from the data signature are typically denoted by fD , fD Di terms are typically denoted by tD , t′D , and tDi . The sets of closed process and data terms are denoted by T (ΣP ) and T (ΣD ), respectively. Closed process and data terms are typically denoted by p, q, p′ , pi , p′i and d, e, d′ , di , d′i , respectively. We denote process and data substitutions by σ, σ ′ , and ξ, ξ ′ , respectively. We call substitutions σ : VP → T(ΣP ) process substitutions and ξ : VD → T(ΣD ) data substitutions. A substitution replaces a variable in an open term with another (possibly open) term. Notions of open and closed and the concept of substitution are lifted to formulae in the natural way. Definition 1 (Transition System Specification). Consider a signature Σ and a set of labels L (with typical members l, l′ , l0 , . . .). A positive transition formula is a triple (t, l, t′ ), where t, t′ ∈ T(Σ) and l
l ∈ L, written t − → t′ , with the intended meaning: process t performs the action labeled as l and becomes ′ process t . A transition rule is defined as a tuple (H, α), where H is a set of formulae and α is a formula. The formulae from H are called premises and the formula α is called the conclusion. A transition rule is H and has the following generic shape: mostly denoted by α lij
{ti −→ tij | i ∈ I, j ∈ Ji } (d)
l
t− → t′
,
where I, Ji are sets of indexes, t, t′ , ti , tij ∈ T(Σ), and lij ∈ L. A transition system specification (abbreviated TSS) is a tuple (Σ, L, R) where Σ is a signature, L is a set of labels, and R is a set of transition rules of the provided shape. We extend the shape of a transition rule to handle process terms paired with data terms in the following manner: lij
(d’)
{(tPi , tDi ) −→ (tPij , tDij ) | i ∈ I, j ∈ Ji } l
(tP , tD ) − → (t′P , t′D )
,
where I, Ji are index sets, tP , t′P , tPi , tPij ∈ T(ΣP ), tD , t′D , tDi , tDij ∈ T(ΣD ), and lij ∈ L. A transition system specification with data is a triple T = (ΣP ∪ ΣD , L, R) where ΣP and ΣD are process and data signatures respectively, L is a set of labels, and R is a set of transition rules handling pairs of process and data terms. Definition 2. Let T be a TSS with data. A proof of a formula φ from T is an upwardly branching tree whose nodes are labelled by formulas such that 1. the root node is labelled by φ, and
Algebraic Meta-Theory of Processes with Data
66
2. if ψ is the label of a node q and the set {ψi | i ∈ I} is the set of labels of the nodes directly above {χi | i ∈ I} , a process substitution σ, and a data substitution q, then there exist a deduction rule χ ξ such that the application of these substitutions to χ gives the formula ψ, and for all i ∈ I, the application of the substitutions to χi gives the formula ψi . Note that by removing the data substitution ξ from above we obtain the definition for proof of a formula from a standard TSS. The notation T ⊢ φ expresses that there exists a proof of the formula φ from the TSS (with data) T . Whenever T is known from the context, we will write φ directly instead of T ⊢ φ.
2.2 Bisimilarity In this paper we use two notions of equivalence over processes, one for standard transition system specifications and one for transition system specifications with data. Stateless bisimilarity is the natural counterpart of strong bisimilarity, used in different formalisms such as [10, 11, 12, 20]. Definition 3 (Strong Bisimilarity [34]). Consider a TSS T = (ΣP , L, R). A relation R ⊆ T (ΣP ) × l
→ p′ ⇒ T (ΣP ) is a strong bisimulation if and only if it is symmetric and ∀p,q (p, q) ∈ R ⇒ (∀l,p′ p − l
→ q ′ ∧ (q, q ′ ) ∈ R). Two closed terms p and q are strongly bisimilar, denoted by p ↔T q if there ∃q ′ q − exists a strong bisimulation relation R such that (p, q) ∈ R. Definition 4 (Stateless Bisimilarity [31]). Consider a TSS with data T = (ΣP ∪ ΣD , L, R). A relation Rsl ⊆ T (ΣP ) × T (ΣP ) is a stateless bisimulation if and only if it is symmetric and ∀p,q (p, q) ∈ Rsl ⇒ l
l
→ (q ′ , d′ ) ∧ (p′ , q ′ ) ∈ Rsl . Two closed process terms p and q are → (p′ , d′ ) ⇒ ∃q′ (q, d) − ∀d,l,p′ ,d′ (p, d) − T stateless bisimilar, denoted by p ↔sl q, if there exists a stateless bisimulation relation Rsl such that (p, q) ∈ Rsl .
2.3 Rule Formats for Algebraic Properties As already stated, the literature on rule formats guaranteeing algebraic properties is extensive. For the purpose of this paper we show the detailed line of reasoning only for the commutativity of binary operators, while, for readability, we refer to the corresponding papers and theorems for the other results in Section 5. Definition 5 (Commutativity). Given a TSS and a binary process operator f in its process signature, f is called commutative w.r.t. ∼, if the following equation is sound w.r.t. ∼: f (x0 , x1 ) = f (x1 , x0 ). Definition 6 (Commutativity format [5]). A transition system specification over signature Σ is in commform format with respect to a set of binary function symbols COMM ⊆ Σ if all its f -defining transition rules with f ∈ COMM have the following form lij
{xj −→ yij | i ∈ I} (c)
l
f (x0 , x1 ) − →t where j ∈ {0, 1}, I is an arbitrary index set, and variables appearing in the source of the conclusion and target of the premises are all pairwise distinct. We denote the set of premises of (c) by H and the
Gebler, Goriac & Mousavi
67
conclusion by α. Moreover, for each such rule, there exist a transition rule (c’) of the following form in the transition system specification H′ (c’)
l
→ t′ f (x′0 , x′1 ) − and a bijective mapping (substitution) h ¯ on variables such that • h ¯(x′0 ) = x1 and h ¯(x′1 ) = x0 , • h ¯(t′ ) ∼cc t and • h ¯(h′ ) ∈ H, for each h′ ∈ H ′ , where ∼cc means equality up to swapping of arguments of operators in COMM in any context. Transition rule (c’) is called the commutative mirror of (c). Theorem 7 (Commutativity for comm-form [5]). If a transition system specification is in comm-form format with respect to a set of operators COMM, then all operators in COMM are commutative with respect to strong bisimilarity.
2.4 Sound and ground-complete axiomatizations In this section we recall several key aspects presented in [2], where the authors provide a procedure for converting any GSOS language definition that disjointly extends the language for synchronization trees to a finite complete equational axiom system which characterizes strong bisimilarity over a disjoint extension of the original language. It is important to note that we work with the GSOS format because it guarantees that bisimilarity is a congruence and that the transition relation is finitely branching [13]. For the sake of simplicity, we confine ourselves to the positive subset of the GSOS format; we expect the generalization to the full GSOS format to be straightforward. Definition 8 (Positive GSOS rule format). Consider a process signature ΣP . A positive GSOS rule ρ over ΣP has the shape: lij
{xi −→ yij | i ∈ I, j ∈ Ji } (g)
l
,
f (x1 , . . . , xn ) − → C[~x,~y ] where all variables are distinct, f is an operation symbol form ΣP with arity n, I ⊆ {1, . . . , n}, Ji finite for each i ∈ I, lij and l are labels standing for actions ranging over a given set denoted by L, and C[~x,~y ] is a ΣP -context with variables including at most the xi ’s and yij ’s. A finite tree term t is built according to the following grammar: t ::= 0 | l.t (∀l ∈ L) | t + t. We denote this signature by ΣBCCSP . Intuitively, 0 represents a process that does not exhibit any behaviour, s + t is the nondeterministic choice between the behaviours of s and t, while l.t is a process that first performs action l and behaves like t afterwards. The operational semantics that captures this intuition is given by the rules of BCCSP [21]: l
x− → x′ l
l.x − →x
l
x+y − → x′
l
y− → y′ l
x+y − → y′
.
Algebraic Meta-Theory of Processes with Data
68
Definition 9 (Axiom System). An axiom (or equation) system E over a signature Σ is a set of equalities of the form t = t′ , where t, t′ ∈ T(Σ). An equality t = t′ , for some t, t′ ∈ T(Σ), is derivable from E, denoted by E ⊢ t = t′ , if and only if it is in the smallest congruence relation over Σ-terms induced by the equalities in E. We consider the axiom system EBCCSP which consists of the following axioms: x+y = y+x
x+x = x
(x + y) + z = x + (y + z)
x+0 = x.
Theorem 10 ([23]). EBCCSP is sound and ground-complete for bisimilarity on T (ΣBCCSP ). That is, it holds that EBCCSP ⊢ p = q if, and only if, p ↔BCCSP q for any two ground terms p and q ∈ T (ΣBCCSP ). Definition 11 (Disjoint extension). A GSOS system G′ is a disjoint extension of a GSOS system G, written G ⊑ G′ , if the signature and the rules of G′ include those of G, and G′ does not introduce new rules for operations in G. In [2] it is elaborated how to obtain an axiomatization for a GSOS system G that disjointly extends BCCSP. For technical reasons the procedure involves initially transforming G into a new system G′ that conforms to a restricted version of the GSOS format, named smooth and distinctive. We avoid presenting this restricted format, as the method proposed in Section 4 allows us to obtain the axiomatization without the need to transform the initial system G.
3
Currying Data
We apply the process of currying [40] known from functional programming to factor out the data from the source and target of transitions and enrich the label to a triple capturing the data flow of the transition. This shows that, for specifying behaviour and data of dynamic systems, the data may be freely distributed over states (as part of the process terms) or system dynamics (action labels of the transition system), providing a natural correspondence between the notions of stateless bisimilarity and strong bisimilarity. An essential aspect of our approach is that the process of currying is a syntactic transformation defined on transition system specifications (and not a semantic transformation on transition systems); this allows us to apply meta-theorems from the meta-theory of SOS and obtain semantic results by considering the syntactic shape of (transformed) SOS rules. Definition 12 (Currying and Label Closure). Consider the TSS with data T = (ΣP ∪ ΣD , L, R) and lij
transition rule ρ ∈ R of the shape ρ =
{(tPi , tDi ) −→ (tPij , tDij ) | i ∈ I, j ∈ Ji } l
(tP , tD ) − → (t′P , t′D )
.
(tDi ,lij ,tDij )
The curried version of ρ is the rule ρc =
{tPi −−−−−−−−→ tPij | i ∈ I, j ∈ Ji }
. We further define (tD ,l,t′D ) ′ tP −−−−− → tP Rc = {ρc | ρ ∈ R} and Lc = {(tD , l, t′D ) | l ∈ L, tD , t′D ∈ T(ΣD )}. The curried version of T is defined as T c = (ΣP , Lc , Rc ). (ξ(tDi ),lij ,ξ(tDij ))
By ρcξ =
{tPi −−−−−−−−−−−→ tPij | i ∈ I, j ∈ Ji } (ξ(tD ),l,ξ(t′D ))
tP −−−−−−−−−→ t′P
we denote the closed label version of ρc with re-
spect to the closed data substitution ξ. By cl(ρc ) we denote the set consisting of all closed label versions of ρc , i.e. cl(ρc ) = {ρcξ | ρc ∈ Rc , ξ is a closed data substitution}. We further define cl(Rc ) = {cl(ρc ) |
Gebler, Goriac & Mousavi
69
ρc ∈ Rc } and cl(Lc ) = {(ξ(tD ), l, ξ(t′D )) | (tD , l, t′D ) ∈ Lc , ξ is a closed data substitution}. The closed label version of T c is cl(T c ) = (ΣP , cl(Lc ), cl(Rc )). Our goal is to reduce the notion of stateless bisimilarity between two closed process with data terms to strong bisimilarity by means of currying the TSS with data and closing its labels. The following theorem states how this goal can be achieved. Theorem 13. Given a TSS T = (Σ, L, D) with data, for each two closed process terms p, q ∈ T (ΣP ), c p ↔Tsl q if, and only if, p ↔cl(T ) q.
4
Axiomatizing GSOS with Data
In this section we provide an axiomatization schema for reasoning about stateless bisimilarity. We find it easier to work directly with curried systems instead of systems with data because this allows us to adapt the method introduced in [2] by considering the set of more complex labels that integrate the data, as presented in Section 3. It is important to note that we present the schema by considering that the signature for data terms, ΣD , consists only of a finite set of constants. However, as we foresee a future extension to a setting with arbitrary data terms, we choose to use the notation for arbitrary data terms instead of the one for constants in some of the following definitions. BCCSP is extended to a setting with data, BCCSPD . This is done by adding to the signature for process terms ΣBCCSP two auxiliary operators for handling the store, named check and update, obtaining a new signature, ΣBCCSPD . Terms over ΣBCCSPD are build according to the following grammar: tP ::= 0 | l.tP ∀l∈L | check(tD , tP ) | update(tD , tP ) | tP + tP . Intuitively, operation check(tD , tP ) makes sure that, before executing an initial action from tP , the store has the value tD , and update(tD , tP ) changes the store value to tD after executing an initial action of process tP . The prefix operation does not affect the store. We directly provide the curried set of rules defining the semantics of BCCSPcD . (xD ,l,x′ )
(xD ,l,x′ )
D → x′P xP −−−−−−
(xD ,l,xD )
l.xP −−−−−−→ xP
(xD ,l,x′ )
D → x′P xP −−−−−−
D check(xD , xP ) −−−−−− → x′P
(xD ,l,x′ )
(xD ,l,x′ )
D yP −−−−−− → yP′
D xP −−−−−− → x′P
(xD ,l,x′D )
xP + yP −−−−−−→
(xD ,l,yD )
update(yD , xP ) −−−−−−→ x′P
x′P
(xD ,l,x′D )
xP + yP −−−−−−→
. yP′
Definition 3 can easily be adapted to the setting of SOS systems with data that are curried. Definition 14. Consider a TSS T = (ΣP ∪ ΣD , L, R), which means that T c = (ΣP , Lc , Rc ). A relation R ⊆ T (ΣP ) × T (ΣP ) is a strong bisimulation if and only if it is symmetric and ∀p,q (p, q) ∈ R ⇒ (d,l,d′ )
(d,l,d′ )
∀d,l,d′ ,p′ p −−−−→ p′ ⇒ ∃q′ q −−−−→ q ′ ∧ (q, q ′ ) ∈ R. Two closed terms p and q are strongly bisimilar, c denoted by p ↔T q if there exists a strong bisimulation relation R such that (p, q) ∈ R.
Algebraic Meta-Theory of Processes with Data
70
The axiomatization EBCCSPcD of strong bisimilarity over BCCSPcD , which is to be proven sound and ground-complete in the remainder of this section, is given below: xP + y P xP + (yP + zP ) xP + xP xP + 0 check(xD , xP + yP ) update(xD , xP + yP ) check(xD , update(yD , xP )) update(xD , update(yD , xP )) check(d, check(d, xP )) check(d, check(d′ , xP )) l.xP
= = = = = = = = = = =
y P + xP (xP + yP ) + zP xP xP check(xD , xP ) + check(xD , yP ) update(xD , xP ) + update(xD , yP ) update(yD , check(xD , xP )) update(xD , xP ) xP (∀d ∈ ΣD ) 0 (∀d, d′ ∈ ΣD , d 6= d′ ) P d∈ΣD update(d, check(d, l.xP ))
(n-comm) (n-assoc) (n-idem) (n-zero) (nc) (nu) (cu) (uu) (cc) (cc’) (lc)
Recall that ΣD is a finite set of constants, and, therefore, the right hand side of axiom (lc) has a finite number of summands. The following theorem is proved in the standard fashion. Theorem 15 (Soundness). For each two terms s, t in T(ΣBCCSPcD ) it holds that if EBCCSPcD ⊢ s = t then c s ↔BCCSPD t. We now introduce the concept of terms in head normal form, which is essential for proving the completeness of axiom systems. Definition 16 (Head Normal Form). Let ΣP be a signature such that ΣBCCSPcD ⊆ ΣP . A term t in T(ΣP ) is in head normal form (for short, h.n.f.) if X t= update(t′Di , check(tDi , li .tP i )), i∈I
where, for every i ∈ I, tDi , t′Di ∈ T(ΣD ), tP i ∈ T(ΣD ), li ∈ L. The empty sum (I = ∅) is denoted by the deadlock constant 0. Lemma 17 (Head Normalization). For any term p in T (ΣBCCSPcD ), there exists p′ in T (ΣBCCSPcD ) in h.n.f. such that EBCCSPcD ⊢ p = p′ . Proof. By induction on the number of symbols appearing in p. We proceed with a case distinction on the head symbol of p. Base case • p = 0; this case is vacuous, because p is already in h.n.f. Inductive step cases • p is of the shape l.p′ ; then def. p (lc) P ′ p = l.p′ = d∈T (ΣD ) update(d, check(d, l.p )), which is in h.n.f. • p is of the shape check(d′′ , p′′ ); then def. p
ind. hyp.
p = check(d′′ , p′′ ) = P (nc) P (cu) ′′ ′ ′ check(d′′ , i∈I update(d′i , check(di , li .p′i ))) = i∈I check(d , update(di , check(di , li .pi ))) = P (cc,cc’) P ′ ′ ′ ′′ ′ = i∈I,di =d′′ update(di , check(di , li .pi )), i∈I update(di , check(d , check(di , li .pi ))) which is in h.n.f.
Gebler, Goriac & Mousavi
71
• p is of the form update(d′′ , p′′ ); then P ind. hyp. def. p (nu) p = update(d′′ , p′′ ) = update(d′′ , i∈I update(d′i , check(di , li .p′i ))) = P (uu) P ′′ ′ ′ ′′ ′ i∈I update(d , update(di , check(di , li .pi ))) = i∈I update(d , check(di , li .pi )), which is in h.n.f. • p is of the form p0 + p1 ; then ind. hyp. P def. p ′ ′′ ′ p = p + p = 0 1 i∈I check(d , update(di , check(di , li .pi ))) + P ′ ′′ ′ check(d , update(dj , check(dj , lj .pj ))) = Pj∈J ′ ′′ ′ k∈I∪J check(d , update(dk , check(dk , lk .pk ))), which is in h.n.f. Theorem 18 (Ground-completeness). For each two closed terms p, q ∈ T (ΣBCCSPcD ), it holds that if c p ↔BCCSPD q, then EBCCSPcD ⊢ p = q. Proof. We assume, by Lemma 17 that p, q are in h.n.f., define the function height as follows: 0 1 + max(height(p1 ), height(p2 )) height(p) = 1 + height(p′ )
if p = 0 if p = p1 + p2 if p = update(d′ , check(d, l.p′ )),
and prove the property by induction on M = max(height(p), height(q)). Base case (M = 0) This case is vacuous, because p = q = 0, so EBCCSPcD ⊢ p = q. Inductive step case (M > 0) We prove EBCCSPcD ⊢ p = q + p by arguing that every summand of q is provably equal to a summand of p. Let update(d′ , check(d, l.q ′ )) be a summand of q. By applying the rules (d,l,d′ )
c
(d,l,d′ )
defining BCCSPcD , we derive q −−−−→ q ′ . As q ↔BCCSPD p holds, it has to be the case that p −−−−→ p′ and c q ′ ↔BCCSPD p′ hold. As max(height(q ′ ), height(p′ )) < M , from the inductive hypothesis it results that EBCCSPcD ⊢ q ′ = p′ , hence update(d′ , check(d, l.q ′ )) is provably equal to update(d′ , check(d, l.p′ )), which is a summand of p. It follows, by symmetry, that EBCCSPcD ⊢ q = p + q holds, which ultimately leads to the fact that EBCCSPcD ⊢ p = q holds. Consider a TSS with data T = (ΣP ∪ ΣD , L, R). For an operation f ∈ ΣP , we denote by Rf the set of all rules defining f . All the rules in Rf are in the GSOS format extended with the data component. For the simplicity of presenting the axiomatization schema, we assume that f only has process terms as arguments, baring in mind that adding data terms is trivial. When given a signature ΣP that includes ΣBCCSPcD , the purpose of an axiomatization for a term c p ∈ T (ΣP ) is to derive another term p′ such that p ↔T p′ and p′ ∈ T (ΣBCCSPcD ). Definition 19 (Axiomatization schema). Consider a TSS T c = (ΣP , Lc , Rc ) such that BCCSPcD ⊑ T c . By ET c we denote the axiom system that extends EBCCSPcD with the following axiom schema for every operation f in T , parameterized over the vector of closed process terms p~ in h.n.f.: ) ( P H p, ρ) , ∈ cl(Rcf ) and X(~ update(d′ , check(d, l.C[~ p, y~P ])) ρ = f (~ p) = (d,l,d′ ) f (~ p) −−−−→ C[~ p, ~q]
Algebraic Meta-Theory of Processes with Data
72
V where X is defined as X(~ p, ρ) = pk ∈~p X′ (pk , k, ρ), (di ,lij ,d′ij ) − − − − − − → y | i ∈ I, j ∈ J } {x Pij i Pi and X′ pk , k, = (d,l,d′ ) f (~ p) −−−−→ C[~ p, ~q] if k ∈ I then ∀j∈Jk ∃p′ ,p′′ EBCCSPcD ⊢ pk = update(d′kj , check(dk , lkj .p′ )) + p′′ . Intuitively, the axiom transforms f (~ p) into a sum of closed terms covering all its execution possibilities. We iterate, in order to obtain them, through the set of f -defining rules and check if ~p satisfies their hypotheses by using the meta-operation X. X makes sure that, for a given rule, every component of p~ is a term with enough action prefixed summands satisfying the hypotheses associated to that component. Note that the axiomatization is built in such a way that it always derives terms in head normal form. Also note that the sum on the right hand side is finite because of our initial assumption that the signature for data is a finite set of constants. The reason why we conceived the axiomatization in this manner is of practical nature. Our past experience shows that this type of schemas may bring terms to their normal form faster than finite axiomatizations. Aside this, we do not need to transform the initial system, as presented in [2]. Theorem 20. Consider a TSS T c = (ΣP , Lc , Rc ) such that BCCSPcD ⊑ T c . ET c is sound and groundcomplete for strong bisimilarity on T (ΣP ). Proof. It is easy to see that, because of the head normal form of the right hand side of every axiom, the completeness of the axiom schema reduces to the completeness proof for bisimilarity on T (ΣBCCSPcD ). In order to prove the soundness, we denote, for brevity, the right hand side of the schema in Definition 19 by RHS. Let us first prove that if f (~ p) performs a transition then it can be matched by RHS. Consider a rule ρ ∈ (di ,lij ,dij )
p): ρ = cl(Rcf ) that can be applied for f (~
{xi −−−−−−→ yij | i ∈ I, j ∈ Ji } (d,l,d′ )
(d,lij ,d′ )
. Then f (~ p) −−−−−→ C[~ p, ~ q]
f (~x) −−−−→ C[~x,~y ] holds and, at the same time, all of the rule’s premises are met. This means that pi is of the form P ′ ′ j∈Ji update(dij , check(di , lij .pij )) + p for some p and pij ’s. It is easy to see that all the conditions for (di ,lij ,dij )
X are met, so (d, l, d′ ).C[~ p, ~ q ] is a summand of RHS, and therefore it holds that RHS −−−−−−→ C[~ p, ~ q ], witch matches the transition from f (~ p). The proof for the fact that f (~ p) can match any of the transitions of RHS is similar.
We end this section with the remark that the problem of extending the axiomatization schema to the setting with arbitrary data terms is still open. The most promising solution we have thought of involves using the infinite alternative quantification operation from [38]. This operation would us to define and express head normal forms as (potentially) infinite sums, parameterized over data variables.
5
Case Study: The Coordination Language Linda
In what follows we present the semantics and properties of a core prototypical language. The provided specification defines a structural operational semantics for the coordination language Linda; the specification is taken from [31] and is a slight adaptation of the original semantics presented in [14] (by removing structural congruences and introducing a terminating process ǫ). Process constants (atomic process terms) in this language are ǫ (for terminating process), ask(u) and nask(u) (for checking existence and absence of tuple u in the shared data space, respectively), tell(u) (for adding tuple u to the
Gebler, Goriac & Mousavi
73
space) and get(u) (for taking tuple u from the space). Process composition operators in this language include nondeterministic choice (+), sequential composition (;) and parallel composition (k). The data signature of this language consists of a constant {} for the empty multiset and a class of unary function symbols ∪{u}, for all tuples u, denoting the union of a multiset with a singleton multiset containing tuple u. The operational state of a Linda program is denoted by (p, xD ) where p is a process term in the above syntax and xD is a multiset modeling the shared data space. The transition system specification defines one relation − → and one predicate ↓. Note that → − is unlabeled, unlike the other relations considered so far. Without making it explicit, we tacitly consider ↓
the termination predicate ↓ as a binary transition relation − → with the pair (xP , xD ), where xP and xD are fresh yet arbitrary process and data variables, respectively. Below we provide a table consisting of both the original and the curried and closed label versions of the semantics of Linda on the left and, respectively, on the right. (1) (2)
(ask(u), xD ∪ {u}) − → (ǫ, xD ∪ {u})
(3) (4) (5) (6)
(1c )
(ǫ, xD ) ↓
(tell(u), xD ) → (ǫ, xD ∪ {u}) (get(u), xD ∪ {u}) → (ǫ, xD )
(nask(u), xD ) → (ǫ, xD ) (xP , xD ) ↓
(xP + yP , xD ) ↓ (8)
(9)
(7)
[u ∈ / xD ]
(yP , xD ) ↓ (xP + yP , xD ) ↓
(xP , xD ) → (x′P , xD ′ ) (xP + yP , xD ) → (x′P , xD ′ ) (yP , xD ) → (yP′ , xD ′ ) (xP + yP , xD ) → (yP′ , xD ′ )
(xP , xD ) → (x′P , xD ′ ) (10) (xP ; yP , xD ) → (x′P ; yP , xD ′ ) (11)
(xP , xD ) ↓ (yP , xD ) → (yP′ , xD ′ ) (xP ; yP , xD ) → (yP′ , xD ′ ) (12)
(2c )
(d∪{u},−,d∪{u})
ask(u) −−−−−−−−−−→ ǫ (3c )
(d,−,d∪{u})
tell(u) −−−−−−−→ ǫ (4c )
(d∪{u},−,d)
get(u) −−−−−−−→ ǫ [u ∈ / d] (d,−,d) nask(u) −−−−→ ǫ xP ↓ y↓ (6c ) (7c ) xP + y P ↓ xP + y P ↓ (5c )
(d,−,d′ )
xP −−−−−→ x′P
(8c )
(d,−,d′ )
xP + yP −−−−−→ x′P (d,−,d′ )
(9c )
yP −−−−−→ yP′ (d,−,d′ )
xP + yP −−−−−→ yP′ (d,−,d′ )
xP −−−−−→ x′P
(10c )
(d,−,d′ )
xP ; yP −−−−−→ x′P ; yP
(11c )
(xP , xD ) ↓ (yP , xD ) ↓ (xP ; yP , xD ) ↓
(xP , xD ) → (x′P , xD ′ ) (13) (xP k yP , xD ) → (x′ k y, xD ′ )
ǫ↓
xP ↓
(d,−,d′ )
yP −−−−−→ yP′ (d,−,d′ )
xP ; yP −−−−−→ yP′ xP ↓ y P ↓ (12c ) xP ; y P ↓ (d,−,d′ )
(13c )
xP −−−−−→ x′P (d,−,d′ )
xP || yP −−−−−→ x′P || yP
Algebraic Meta-Theory of Processes with Data
74
(14)
(yP , xD ) → (yP′ , xD ′ ) (xP k yP , xD ) → (xP k yP′ , xD ′ ) (15)
(xP , xD ) ↓ (yP , xD ) ↓ (xP k yP , xD ) ↓
(d,−,d′ )
(14c )
yP −−−−−→ yP′ (d,−,d′ )
xP || yP −−−−−→ xP || yP′ xP ↓ y P ↓ (15c ) xP k y P ↓
In the curried SOS rules, d and d′ are arbitrary closed data terms, i.e., each transition rule given in the curried semantics represents a (possibly infinite) number of rules for each and every particular d, d′ ∈ T (ΣD ). It is worth noting that by using the I-MSOS framework [28] we can present the curried system without explicit labels at all as they are propagated implicitly between the premises and conclusion. Consider transition rules (6c ), (7c ), (8c ), and (9c ); they are the only + - defining rules and they fit in the commutativity format of Definition 6. It follows from Theorem 7 that the equation x + y = y + x is sound with respect to strong bisimilarity in the curried semantics. Subsequently, following Theorem 13, we have that the previously given equation is sound with respect to stateless bisimilarity in the original semantics. (Moreover, we have that (x0 + x1 , d) = (x1 + x2 , d) is sound with respect to statebased bisimilarity for all d ∈ T (ΣD ).) Following a similar line of reasoning, we get that x || y = y || x is sound with respect to stateless bisimilarity in the original semantics. In addition, we derived the following axioms for the semantics of Linda, using the meta-theorems stated in the third column of the table. The semantics of sequential composition in Linda is identical to the sequential composition (without data) studied in Example 9 of [17]; there, it is shown that this semantics conforms to the A SSOC -D E S IMONE format introduced in [17] and hence, associativity of sequential composition follows immediately. Also semantics of nondeterministic choice falls within the scope of the A SSOC -D E S IMONE format (with the proposed coding of predicates), and hence, associativity of nondeterministic choice follows (note that in [17] nondeterministic choice without termination rules is treated in Example 1; moreover, termination rules in the semantics of parallel composition are discussed in Section 4.3 and shown to be safe for associativity). Following a similar line of reasoning associativity of parallel composition follows from the conformance of its rules to the A SSOC -D E S IMONE format of [17]. Idempotence for + can be obtained, because rules (6c ), (7c ) and (8c ), (9c ) are choice rules [1, Definition 40] and the family of rules (6c ) to (9c ) for all data terms d and d′ ensure that the curried specification is in idempotence format with respect to the binary operator +. The fact that ǫ is unit element for ; is proved similarly as in [4], Example 10. Property Axiom Meta-Theorem Associativity for ; x ; (y ; z) = (x ; y) ; z Theorem 1 of [17] x + (y + z) = (x + y) + z Theorem 1 of [17] Associativity for + Associativity for || x || (y || z) = (x || y) || z Theorem 1 of [17] x+x = x Theorem 42 of [1] Idempotence for + ǫ;x=x Theorem 3 of [4] Unit element for ; Distributivity of + over ; (x + y) ; z = (x ; y) + (x ; z) Theorem 3 of [3] We currently cannot derive an axiomatization for Linda because its semantics involves arbitrary data terms, as opposed to a finite number of constants.
Gebler, Goriac & Mousavi
6
75
Conclusions
In this paper, we have proposed a generic technique for extending the meta-theory of algebraic properties to SOS with data, memory or store. In a nutshell, the presented technique allows for focusing on the structure of the process (program) part in SOS rules and ignoring the data terms in order to obtain algebraic properties, as well as, a sound and ground complete set of equations w.r.t. stateless bisimilarity. We have demonstrated the applicability of our method by means of the well known coordination language Linda. It is also worth noting that one can check whether a system is in the process-tyft format presented in [30] in order to infer that stateless bisimilarity is a congruence, and if this is the case, then strong bisimilarity over the curried system is also a congruence. Our results are applicable to a large body of existing operators in the literature and make it possible to dispense with several lengthy and laborious soundness proofs in the future. Our approach can be used to derive algebraic properties that are sound with respect to weaker notions of bisimilarity with data, such as initially stateless and statebased bisimilarity [31]. We do expect to obtain stronger results, e.g., for zero element with respect to statebased bisimilarities, by scrutinizing data dependencies particular to these weaker notions. We would like to study coalgebraic definitions of the notions of bisimilarity with data (following the approach of [41]) and develop a framework for SOS with data using the bialgebraic approach. Furthermore, it is of interest to check how our technique can be applied to quantitative systems where non-functional aspects like probabilistic choice or stochastic timing is encapsulated as data. We also plan to investigate the possibility of automatically deriving axiom schemas for systems whose data component is given as arbitrary terms, instead of just constants. Acknowledgements. We thank Luca Aceto, Peter Mosses, and Michel Reniers for their valuable comments on earlier versions of the paper. Eugen-Ioan Goriac is funded by the project ‘Extending and Axiomatizing Structural Operational Semantics: Theory and Tools’ (nr. 1102940061) of the Icelandic Research Fund.
References [1] Luca Aceto, Arnar Birgisson, Anna Ing´olfsd´ottir, Mohammad Reza Mousavi & Michel A. Reniers (2012): Rule formats for determinism and idempotence. Science of Computer Programming 77(7–8), pp. 889–907, doi:10.1016/j.scico.2010.04.002. [2] Luca Aceto, Bard Bloom & Frits W. Vaandrager (1994): Turning SOS rules into equations. Information and Computation 111, pp. 1–52, doi:10.1006/inco.1994.1040. [3] Luca Aceto, Matteo Cimini, Anna Ing´olfsd´ottir, Mohammad Reza Mousavi & Michel A. Reniers (2011): Rule Formats for Distributivity. In Adrian Horia Dediu, Shunsuke Inenaga & Carlos Mart´ın-Vide, editors: Language and Automata Theory and Applications - 5th International Conference, LATA 2011, Tarragona, Spain, May 26–31, 2011. Proceedings, Lecture Notes in Computer Science 6638, Springer, pp. 80–91, doi:10.1007/978-3-642-21254-3 5. [4] Luca Aceto, Matteo Cimini, Anna Ing´olfsd´ottir, Mohammad Reza Mousavi & Michel A. Reniers (2011): SOS rule formats for zero and unit elements. Theoretical Computer Science 412(28), pp. 3045–3071, doi:10.1016/j.tcs.2011.01.024. [5] Luca Aceto, Anna Ingolfsdottir, MohammadReza Mousavi & Michel A. Reniers (2009): Algebraic Properties for Free! Bulletin of the European Association for Theoretical Computer Science (BEATCS) 99, pp. 81–104.
76
Algebraic Meta-Theory of Processes with Data
[6] Franz Baader & Tobias Nipkow (1999): Term Rewriting and All That. Cambridge University Press. [7] J.C.M. (Jos) Baeten, Twan Basten & Michel A. Reniers (2010): Process Algebra: Equational Theories of Communicating Processes. Cambridge Tracts in Theoretical Computer Science, Cambrdige University Press. [8] Jos C. M. Baeten & Jan A. Bergstra (1997): Process Algebra with Propositional Signals. Theoretical Computer Science (TCS) 177(2), pp. 381–405, doi:10.1016/S0304-3975(96)00253-8. [9] Christel Baier & Joost-Pieter Katoen (2008): Principles of Model Checking. MIT Press. [10] D. A. van Beek, Ka Lok Man, Michel A. Reniers, J. E. Rooda & Ramon R. H. Schiffelers (2006): Syntax and consistent equation semantics of hybrid Chi. J. Log. Algebr. Program. 68(1-2), pp. 129–210, doi:10.1016/j.jlap.2005.10.005. [11] D. A. van Beek, Michel A. Reniers, Ramon R. H. Schiffelers & J. E. Rooda (2007): Foundations of a Compositional Interchange Format for Hybrid Systems. In Alberto Bemporad, Antonio Bicchi & Giorgio C. Buttazzo, editors: Proceedings of the 10th International Workshop on Hybrid Systems: Computation and Control (HSCC’07), Lecture Notes in Computer Science 4416, Springer, pp. 587–600, doi:10.1007/978-3-540-71493-4 45. [12] Jan A Bergstra & A. (Kees) Middelburg (2007): Synchronous cooperation for explicit multi-threading. Acta Informatica 44, pp. 525–569, doi:10.1007/s00236-007-0057-9. [13] Bard Bloom, Sorin Istrail & Albert R. Meyer (1995): Bisimulation can’t be traced. J. ACM 42, pp. 232–268, doi:10.1145/200836.200876. [14] Antonio Brogi & Jean-Marie Jacquet (1998): On the Expressiveness of Linda-like Concurrent Languages. Electr. Notes Theor. Comput. Sci. 16(2), pp. 75–96, doi:10.1016/S1571-0661(04)00118-5. [15] Nicholas Carriero & David Gelernter (1989): Linda in Context. Communications of the ACM 32(4), pp. 444–459, doi:10.1145/63334.63337. [16] Robert J. Colvin & Ian J. Hayes (2011): Structural Operational Semantics through Context-Dependent Behaviour. Journal of Logic and Algebraic Programming 80(7), pp. 392–426, doi:10.1016/j.jlap.2011.05.001. [17] Sjoerd Cranen, Mohammad Reza Mousavi & Michel A. Reniers (2008): A Rule Format for Associativity. In Franck van Breugel & Marsha Chechik, editors: Proceedings of the 19th International Conference on Concurrency Theory (CONCUR’08), Lecture Notes in Computer Science 5201, Springer-Verlag, pp. 447– 461, doi:10.1007/978-3-540-85361-9 35. [18] Pierpaolo Degano & Corrado Priami (2001): Enhanced operational semantics. ACM Computing Surveys 33(2), pp. 135–176, doi:10.1145/384192.384194. [19] Fabio Gadducci & Ugo Montanari (2000): The Tile Model. In Gordon D. Plotkin, Colin Stirling & Mads Tofte, editors: Proof, Language and Interaction: Essays in Honour of Robin Milner, MIT Press, Boston, MA, USA, 2000, pp. 133–166. [20] Vashti Galpin, Luca Bortolussi & Jane Hillston (2013): HYPE: Hybrid modelling by composition of flows. Formal Asp. Comput. 25(4), pp. 503–541, doi:10.1007/s00165-011-0189-0. [21] R.J. van Glabbeek (2001): The Linear Time - Branching Time Spectrum I. The Semantics of Concrete, Sequential Processes. In A. Ponse S.A. Smolka J.A. Bergstra, editor: Handbook of Process Algebra, Elsevier, pp. 3–99, doi:10.1007/3-540-57208-2 6. [22] Jan Friso Groote & Frits W. Vaandrager (1992): Structured Operational Semantics and Bisimulation As a Congruence. Information and Computation 100(2), pp. 202–260, doi:10.1016/0890-5401(92)90013-6. [23] Matthew Hennessy & Robin Milner (1985): Algebraic laws for nondeterminism and concurrency. J. ACM 32(1), pp. 137–161, doi:10.1145/2455.2460. [24] Narciso Mart´ı-Oliet & Jos´e Meseguer (2002): Rewriting Logic as a Logical and Semantic Framework. In Dov M. Gabbay & Franz Guenthner, editors: Handbook of Philosophical Logic, 9, Kluwer Academic Publishers, 2002, pp. 1–87, doi:10.1007/978-94-017-0464-9 1.
Gebler, Goriac & Mousavi
77
[25] Jos´e Meseguer & Christiano Braga (2004): Modular Rewriting Semantics of Programming Languages. In Charles Rattray, Savi Maharaj & Carron Shankland, editors: Proceedings of the 10th International Conference on Algebraic Methodology and Software Technology (AMAST’04), Lecture Notes in Computer Science 3116, Springer-Verlag, Berlin, Germany, 2004, pp. 364–378, doi:10.1007/978-3-540-27815-3 29. [26] Peter D. Mosses (2004): Exploiting Labels in Structural Operational Semantics. Fundam. Inform. 60(1-4), pp. 17–31. [27] Peter D. Mosses (2004): Modular structural operational semantics. J. Log. Algebr. Program. 60-61, pp. 195–228, doi:10.1016/j.jlap.2004.03.008. [28] Peter D. Mosses & Mark J. New (2009): Implicit Propagation in Structural Operational Semantics. Electr. Notes Theor. Comput. Sci. 229(4), pp. 49–66, doi:10.1016/j.entcs.2009.07.073. [29] Mohammad Reza Mousavi, Michel Reniers & Jan Friso Groote (2004): Congruence for SOS with Data. In: Proceedings of the 19th Annual IEEE Symposium on Logic in Computer Science (LICS’04), IEEE Computer Society Press, Los Alamitos, CA, USA, 2004, pp. 302–313, doi:10.1109/LICS.2004.1319625. [30] Mohammad Reza Mousavi, Michel A. Reniers & Jan Friso Groote (2004): Congruence for SOS with Data. In: LICS, pp. 303–312, doi:10.1109/LICS.2004.1319625. [31] Mohammad Reza Mousavi, Michel A. Reniers & Jan Friso Groote (2005): Notions of Bisimulation and Congruence Formats for SOS with Data. Information and Computation 200(1), pp. 107–147, doi:10.1016/j.ic.2005.03.002. [32] Mohammad Reza Mousavi, Michel A. Reniers & Jan Friso Groote (2005): A syntactic commutativity format for SOS. Inf. Process. Lett. 93(5), pp. 217–223, doi:10.1016/j.ipl.2004.11.007. [33] Scott Owens (2008): A Sound Semantics for OCamllight. In Sophia Drossopoulou, editor: ESOP, Lecture Notes in Computer Science 4960, Springer, pp. 1–15, doi:10.1007/978-3-540-78739-6 1. [34] David Michael Ritchie Park (1981): Concurrency and Automata on Infinite Sequences. In Peter Deussen, editor: Theoretical Computer Science, Lecture Notes in Computer Science 104, Springer, pp. 167–183, doi:10.1007/BFb0017309. [35] Gordon D. Plotkin (1981): A structural approach to operational semantics. Technical Report DAIMI FN-19, Computer Science Department, Aarhus University, Aarhus, Denmark. [36] Gordon D. Plotkin (2004): The origins of structural operational semantics. Journal of Logic and Algebraic Programming (JLAP) 60, pp. 3–15, doi:10.1016/j.jlap.2004.03.009. [37] Gordon D. Plotkin (2004): A structural approach to operational semantics. Journal of Logic and Algebraic Progamming (JLAP) 60, pp. 17–139. This article first appeared as [35]. [38] Michel A. Reniers, Jan Friso Groote, Mark B. van der Zwaag & Jos van Wamel (2002): Completeness of Timed µCRL. Fundamenta Informaticae 50(3-4), pp. 361–402. [39] A. W. (Bill) Roscoe (2010): Understanding Concurrent Systems. Springer, doi:10.1007/978-1-84882-258-0. [40] Christopher Strachey (2000): Fundamental Concepts in Programming Languages. Higher-Order and Symbolic Computation 13, pp. 11–49, doi:10.1023/A:1010000313106. [41] Daniele Turi & Gordon D. Plotkin (1997): Towards a Mathematical Operational Semantics. In: LICS, IEEE Computer Society, pp. 280–291, doi:10.1109/LICS.1997.614955.
